wordpress theme photocrati 4.X.X SQL INJECTION

vendor:

Photocrati

by:

ayastar

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Photocrati

Affected Version From: 4.X.X

Affected Version To: 4.X.X

Patch Exists: NO

Related CWE: N/A

CPE: a:photocrati:photocrati

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows 7

2011

wordpress theme photocrati 4.X.X SQL INJECTION

Attacker can do a remote injection in site URL to get some sensitive information. Almost all versions are infected by this vulnerability.

Mitigation:

Input validation and sanitization should be done to prevent SQL injection attacks.

Source

Exploit-DB raw data:

# Exploit Title: [ wordpress theme photocrati 4.X.X SQL INJECTION ]
# Google Dork: [ Designed by Photocrati ] also [powered by Photocrati]
# Date: [23 / 09 / 2011 ]
# Exploit Author: [ ayastar ]
# Email : dmx-ayastar@hotmail.fr
# Software Link: [ http://www.photocrati.com ]
# Version: [4.X.X]
# Tested on: [ windows 7 ]


--------
details |
=======================================================
Software : photocrati
version : 4.X.X
Risk : High
remote : yes

attacker can do a remote injection in site URL to get some sensitive information .
almost all version are infected by this vunl. 
=======================================================
Exploit code :
http://sitewordpress/wp-content/themes/[photocrati-Path-theme]/ecomm-sizes.php?prod_id=[SQL]

greetz to all muslims and all tryag member's 
:) from morocco